Enabling Jamf Unlock on Computers

By default, Jamf Unlock settings are hidden in the Jamf Connect menu bar app. To display these settings and allow users to access the Paired Devices window, you must set the EnableUnlock key to true in a configuration profile or PLIST written to the com.jamf.connect preference domain.

To allow users to use Jamf Unlock at the macOS login window, set the EnableUnlockForLogin setting to true.

To require users to use a PIN to complete authentication requests, you must also configure the RequirePIN setting to true.

Important: To ensure authentication with Jamf Unlock works as expected, make sure your PIN requirement settings are the same between your Jamf Unlock managed app configuration and Jamf Connect configuration profile.
Requirements

To use Jamf Unlock at the macOS login window, you need the following:

  • The Jamf Unlock 1.2.0 or later

  • Jamf Connect 2.7.0 or later installed on computers with macOS 10.15.4 or later.

  • The Jamf Connect launch agent installed on computers.

    For more information, see Launch Agent.

Configure and deploy the following settings as a separate .mobileconfig or PLIST or in an existing configuration profile for the menu bar app:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>Unlock</key>
        <dict>
            <key>EnableUnlock</key>
            <true />
            <key>EnableUnlockForLogin</key>
            <true />
            <key>RequirePIN</key>
            <true />
        </dict>
    </dict>
</plist>

After the profile is distributed, Unlock settings display in the Jamf Connect menu bar app, and users can pair their mobile device.

If you also enabled Jamf Unlock authentication at the macOS login window, the Enable Jamf Unlock switch displays the next time the users logs out of the computer.